250 lines
6.8 KiB
PHP
250 lines
6.8 KiB
PHP
<?php
|
|
|
|
namespace database\repo;
|
|
use \database\core\Repo_i;
|
|
|
|
class admin extends Repo_i{
|
|
|
|
|
|
/* (1) Return all admins in database
|
|
*
|
|
* @return admins<array> The admin list
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function getAll(){
|
|
|
|
/* (1) Statement */
|
|
$st = $this->pdo->query("SELECT `id_admin`, `username`, `mail` FROM `admin` ORDER BY `username` ASC");
|
|
|
|
/* (2) Fetched data */
|
|
return $st->fetchAll();
|
|
|
|
}
|
|
|
|
|
|
/* (2) Return a admin by its `id_admin`
|
|
*
|
|
* @id_admin<int> The admin UID
|
|
*
|
|
* @return admin<array> The admin if found
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function getById(int $id_admin){
|
|
|
|
/* (1) Prepare Statement */
|
|
$pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `id_admin` = :id_admin LIMIT 1");
|
|
|
|
/* (2) Bind variables */
|
|
$pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT);
|
|
|
|
/* (3) Execute */
|
|
if( !$pst->execute() ) return false; // if error -> send FALSE
|
|
|
|
/* (4) Fetched data */
|
|
return $pst->fetch();
|
|
|
|
}
|
|
|
|
|
|
/* (3) Return a admin by its `mail`
|
|
*
|
|
* @mail<String> The admin mail address
|
|
*
|
|
* @return admin<array> The admin if found
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function getByMail(String $mail){
|
|
|
|
/* (1) Prepare Statement */
|
|
$pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `mail` = :mail LIMIT 1");
|
|
|
|
/* (2) Bind variables */
|
|
$pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50);
|
|
|
|
/* (3) Execute */
|
|
if( !$pst->execute() ) return false; // if error -> send FALSE
|
|
|
|
/* (4) Fetched data */
|
|
return $pst->fetch();
|
|
|
|
}
|
|
|
|
|
|
/* (4) Return a admin by its `username`
|
|
*
|
|
* @username<String> The admin username
|
|
*
|
|
* @return admin<array> The admin if found
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function getByUsername(String $username){
|
|
|
|
/* (1) Prepare Statement */
|
|
$pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `username` = :username LIMIT 1");
|
|
|
|
/* (2) Bind variables */
|
|
$pst->bindParam(':username', $username, \PDO::PARAM_STR, 20);
|
|
|
|
/* (3) Execute */
|
|
if( !$pst->execute() ) return false; // if error -> send FALSE
|
|
|
|
/* (4) Fetched data */
|
|
return $pst->fetch();
|
|
|
|
}
|
|
|
|
|
|
/* (5) Return a admin by its `token`
|
|
*
|
|
* @token<String> The admin token
|
|
*
|
|
* @return admin<array> The admin if found
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function getByToken(String $token){
|
|
|
|
/* (1) Prepare Statement */
|
|
$pst = $this->pdo->prepare("SELECT `id_admin`, `username`, `mail` FROM `admin` WHERE `token` is not NULL AND `token` = :token LIMIT 1");
|
|
|
|
/* (2) Bind variables */
|
|
$pst->bindParam(':token', $token, \PDO::PARAM_STR, 128);
|
|
|
|
/* (3) Execute */
|
|
if( !$pst->execute() ) return false; // if error -> send FALSE
|
|
|
|
/* (4) Fetched data */
|
|
return $pst->fetch();
|
|
|
|
}
|
|
|
|
|
|
/* (6) Check the password of a admin
|
|
*
|
|
* @id_admin<String> The admin UID
|
|
* @password<String> The password to test
|
|
*
|
|
* @return valid<bool> Whether the password is valid or not
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function checkPassword(int $id_admin, String $password){
|
|
|
|
/* (1) Hash the password */
|
|
$hash = \secure_hash($password, $id_admin, 'admin-pass');
|
|
|
|
/* (2) Prepare Statement */
|
|
$pst = $this->pdo->prepare("SELECT * FROM `admin` WHERE `id_admin` = :id_admin AND `pass` = :pass LIMIT 1");
|
|
|
|
/* (3) Bind variables */
|
|
$pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT);
|
|
$pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128);
|
|
|
|
/* (4) Execute */
|
|
if( !$pst->execute() ) return false; // if error -> send FALSE
|
|
|
|
/* (5) If no data -> means invalid password */
|
|
if( !is_array($pst->fetch()) )
|
|
return false;
|
|
|
|
/* (6) If here -> means password is ok */
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
/* (6) Set the password for a admin
|
|
*
|
|
* @id_admin<String> The admin UID
|
|
* @password<String> The password to set
|
|
*
|
|
* @return set<bool> Whether the password has been set or not
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function setPassword(int $id_admin, String $password){
|
|
|
|
/* (1) Hash the password */
|
|
$hash = \secure_hash($password, $id_admin, 'admin-pass');
|
|
|
|
/* (2) Prepare Statement */
|
|
$pst = $this->pdo->prepare("UPDATE `admin` SET `pass` = :pass WHERE `id_admin` = :id_admin");
|
|
|
|
/* (3) Bind variables */
|
|
$pst->bindParam(':pass', $hash, \PDO::PARAM_STR, 128);
|
|
$pst->bindParam(':id_admin', $id_admin, \PDO::PARAM_INT);
|
|
|
|
/* (4) Execute -> dispatch status */
|
|
return $pst->execute();
|
|
|
|
}
|
|
|
|
/* (7) Creates a new admin
|
|
*
|
|
* @username<String> The username (must be unique)
|
|
* @mail<String> The mail address (must be unique)
|
|
* @password<String> The password
|
|
*
|
|
* @return id_created<int> UID of the created admin
|
|
* FALSE on error
|
|
*
|
|
---------------------------------------------------------*/
|
|
public function create(String $username, String $mail, String $password){
|
|
|
|
|
|
/* (1) Check @username + @mail are unique
|
|
---------------------------------------------------------*/
|
|
/* (1) If @username already exists -> abort */
|
|
if( is_array($this->getByUsername($username)) )
|
|
return false;
|
|
|
|
/* (2) If @mail already exists -> abort */
|
|
if( is_array($this->getByMail($mail)) )
|
|
return false;
|
|
|
|
|
|
|
|
/* (2) Create the admin (without password)
|
|
---------------------------------------------------------*/
|
|
/* (1) Create a random token */
|
|
$token = \secure_hash(uniqid(), 'admin-token');
|
|
|
|
/* (2) Prepare Statement */
|
|
$pst = $this->pdo->prepare("INSERT INTO `admin`(`id_admin`, `username`, `mail`, `pass`, `token`) VALUES(DEFAULT, :username, :mail, NULL, :token)");
|
|
|
|
/* (3) Bind variables */
|
|
$pst->bindParam(':username', $username, \PDO::PARAM_STR, 20);
|
|
$pst->bindParam(':mail', $mail, \PDO::PARAM_STR, 50);
|
|
$pst->bindParam(':token', $token, \PDO::PARAM_STR, 128);
|
|
|
|
/* (4) Execute -> if error return FALSE */
|
|
if( !$pst->execute() ) return false;
|
|
|
|
|
|
/* (2) Set the password (needed @id_admin)
|
|
---------------------------------------------------------*/
|
|
/* (1) Get last inserted id */
|
|
$fetch_admin = $this->getByUsername($username);
|
|
|
|
/* (2) If nothing found -> error */
|
|
if( !is_array($fetch_admin) || !isset($fetch_admin['id_admin']) || !is_numeric($fetch_admin['id_admin']) )
|
|
return false;
|
|
|
|
/* (3) Extract @id_admin */
|
|
$id_admin = intval($fetch_admin['id_admin']);
|
|
|
|
/* (4) Repo self call */
|
|
if( !$this->setPassword($id_admin, $password) )
|
|
return false;
|
|
|
|
/* (5) Return @id_admin */
|
|
return $id_admin;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} |